first fine in Lithuania

First GDPR fine issued in Lithuania

A year after GDPR came into force, the Lithuanian Data Protection Authority (VDAI) has issued its first administrative fine. UAB ‘Mister Tango’, a company that provides financial operation services globally, was fined 61,500 EUR in respect of GDPR Articles 5, 32 and 33 relating to improper processing of personal data in instant screen images (screenshots).

Improper processing of personal data

Of the company’s images, 9000 were found to contain personal details and payment session copies of customers of 12 different banks in different countries. It was also found that ‘Mister Tango’ processes an extensive amount of personal data that is not stated in its privacy policy, which violates GDPR Art. 5.

Furthermore, for at least 2 days the list of processed payments showing customers’ data was visible online. Disclosure of personal data is treated as a personal data breach and must be reported within 72 hours (GDPR Art. 33). However, VDAI was not informed about the incident.

Data Protection Authority investigation

Before deciding to impose the fine, the VDAI considered all the factors relative to whether or not ‘Mister Tango’ acted to the best of its abilities in making sure that data processing was transparent, compliant and secure.

VDAI concluded that ‘Mister Tango’ doesn’t have the necessary technical and organisational security measures in place to ensure the required level of safety, including protection against unauthorised processing or disclosure (GDPR Art.32).

The VDAI’s decision has not yet come into force and can be appealed against through the court.

The original source: Įmonės atsakomybės neišvengs – Lietuvoje skirta ženkli bauda už Bendrojo duomenų apsaugos reglamento pažeidimus

More on this topic:

Get your compliance organized with proper GDPR tools.
Contact us for a demo and get access to 14-day trial.

Save time and be confident

Latest Posts
What Is a DPO? Understanding the Role and Its Importance in GDPR Compliance

What Is a DPO? Understanding the Role and Its Importance in GDPR Compliance

The General Data Protection Regulation (GDPR) establishes the requirement for certain organizations to appoint a Data Protection Officer (DPO). The...
ESG and Data Protection: How GDPR Compliance Drives Sustainable Business Practices

ESG and Data Protection: How GDPR Compliance Drives Sustainable Business Practices

Environmental, Social, and Governance (ESG) compliance has evolved into a critical factor in corporate sustainability. Investors, regulators, and customers now...
Data Transfer Impact Assessments: The Key to GDPR-Compliance

Data Transfer Impact Assessments: The Key to GDPR-Compliance

In today’s globalized business environment, data flows across borders are essential—but they must be secure and compliant with the General...
Is Google Recaptcha GDPR Compliant?

Is Google Recaptcha GDPR Compliant?

Google reCAPTCHA is a popular tool that protects websites from spam and abuse by distinguishing between humans and bots. But...
Your Essential Guide to Developing a Data Breach Response Plan

Your Essential Guide to Developing a Data Breach Response Plan

The General Data Protection Regulation (GDPR) places significant emphasis on securing personal data, particularly in Articles 32-34, which outline requirements...
Biometric Data and GDPR: Key Considerations

Biometric Data and GDPR: Key Considerations

Biometric data is classified by the GDPR as a special category of personal data, subject to enhanced protection. This means...
Why ‘I Don’t Allow Meta’ Posts Don’t Work and What to Do

Why ‘I Don’t Allow Meta’ Posts Don’t Work and What to Do

Every so often, viral posts resurface on Facebook and Instagram declaring:"I do not allow Meta to use my data, pictures,...
GDPR Fine of €475 Million for Netflix: Top 5 Lessons for Everyone

GDPR Fine of €475 Million for Netflix: Top 5 Lessons for Everyone

Netflix is at the centre of a data privacy cliffhanger as the Dutch DPA indicates it is likely to be...
How to Avoid ICO Fines: Lessons from Recent GDPR Spam Text Penalties

How to Avoid ICO Fines: Lessons from Recent GDPR Spam Text Penalties

Lessons for Legal Teams: Avoiding Costly Mistakes in Data Privacy ComplianceData privacy is no longer a secondary concern for businesses—it's...
Privacy Rights and it’s Challenges – 6 Years of GDPR

Privacy Rights and it’s Challenges – 6 Years of GDPR

Six years since GDPR came into force, the promise of stronger data protection is being undermined by the rise of...